LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2023-02-15T17:25:56.279Z
Updated: 2023-02-15T17:25:56.279Z
Reserved: 2023-01-06T18:49:55.855Z
Link: CVE-2023-22804
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-15T18:15:11.827
Modified: 2023-11-07T04:07:25.270
Link: CVE-2023-22804
JSON object: View
Redhat Information
No data.
CWE